CVE-2019-9648

{"id": "CVE-2019-9648", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-03-22T19:29:00.480", "references": [{"url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/21", "source": "cve@mitre.org"}, {"url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/107446", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/fulldisclosure/2019/Mar/23", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/46535", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}, {"lang": "es", "value": "Se ha descubierto un problema en el componente SFTP Server en Core FTP 2.0 Build 674. Existe una vulnerabilidad de salto de directorio empleando el comando SIZE junto con una subcadena \\..\\..\\, lo que permite que un atacante enumere la existencia de archivos bas\u00e1ndose en la informaci\u00f3n devuelta."}], "lastModified": "2019-08-26T07:15:10.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "097B61FD-F685-47C0-9427-AA54DC97EAF1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}